awesome-embedded-and-iot-security/readme.md

Awesome Embedded and IoT Security

A curated list of resources about embedded and IoT security. The list contains software and hardware tools, books, research papers and more.

Contents

• Software Tools
  • Analysis Frameworks
  • Analysis Tools
  • Extraction Tools
• Hardware Tools
• Books
• Research Papers
  • Case Studies
• Websites
• Conferences

Software Tools

Software Tools for analyzing embedded firmware images.

Analysis Frameworks

• FACT - The Firmware Analysis and Comparison Tool - Full featured static analysis framework including extraction of firmware, analysis utilizing different plug-ins and comparison of different firmware versions.
• EXPLIoT - Pentest framework like Metasploit but specialized for IoT.

Analysis Tools

• Binwalk - Searches a binary for "interesting" stuff.
• Firmadyne - Tries to emulate and pentest a firmware.
• firmwalker - Searches extracted firmware images for interesting files and information.
• Trommel - Searches extracted firmware images for interesting files and information.

Extraction Tools

• Binwalk - Extracts arbitrary files utilizing a carving approach.
• FACT Extractor - Detects container format automatically and executes the corresponding extraction tool.
• Firmware Mod Kit - Extraction tools for several container formats.

Hardware Tools

• Bus Blaster - Detects and interacts with hardware debug ports like UART and JTAG.
• Bus Pirate - Detects and interacts with hardware debug ports like UART and JTAG.
• JTAGULATOR - Detects JTAG Pinouts.

Books

• 2019, Aditya Gupta: The IoT Hacker's Handbook: A Practical Guide to Hacking the Internet of Things

Research Papers

• 2018, Muench et al: What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices
• 2017, nsr: Avatar 2: Towards an open source binary firmware analysis framework
• 2017, Costin et al: Towards Automated Classification of Firmware Images and Identification of Embedded Devices
• 2016, Kammerstetter et al: Embedded Security Testing with Peripheral Device Caching and Runtime Program State Approximation
• 2016, Chen et al: Towards Automated Dynamic Analysis for Linux-based Embedded Firmware
• 2016, Costin et al: Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
• 2015, Gascon et al: PULSAR: Stateful Black-Box Fuzzing of Proprietary Network Protocols
• 2015, Shoshitaishvili et al:Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
• 2015, Papp et al: Embedded Systems Security: Threats, Vulnerabilities, and Attack Taxonomy
• 2014, Zaddach et al: Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems’ Firmwares
• 2014, Alimi et al: Analysis of embedded applications by evolutionary fuzzing
• 2014, Costin et al: A Large-Scale Analysis of the Security of Embedded Firmware s
• 2013, Davidson et al: FIE on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic Execution

Case Studies

Case Studies are a good start to learn how to find a vulnerabilities in embedded firmware.

• Hacking the DSP-W215, Again
• Multiple vulnerabilities found in the Dlink DWR-932B
• Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol
• PWN Xerox Printers (...again)

Websites

• OWASP Embedded Application Security
• OWASP Internet of Things Project

Conferences

• Hardwear.io

Contribute

Contributions welcome! Read the contribution guidelines first.

License

To the extent possible under law, Fraunhofer FKIE has waived all copyright and related or neighboring rights to this work.